Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/gc_wmiGg9_HSVssF40CgwDVsOsk.roa
File:                     gc_wmiGg9_HSVssF40CgwDVsOsk.roa (raw, json)
Hash identifier:          Zj8a8VT3IUbPWpG+Tm7NCilgkzoY7iaH53EJTul8OKc=
Subject key identifier:   81:CF:F0:9A:21:A0:F7:F1:D2:56:CB:05:E3:40:A0:C0:35:6C:3A:C9
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199523D5FD7C8E92B58970FC74778EA569B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/gc_wmiGg9_HSVssF40CgwDVsOsk.roa
Signing time:             Tue 16 Sep 2025 11:16:17 +0000
ROA not before:           Tue 16 Sep 2025 11:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207594
IP address blocks:        151.241.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:3d:5f:d7:c8:e9:2b:58:97:0f:c7:47:78:ea:56:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 16 11:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81cff09a21a0f7f1d256cb05e340a0c0356c3ac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:82:d4:3a:1c:e3:d7:bb:3d:4e:b7:31:30:1a:
                    c3:80:fa:e0:8a:b4:57:f7:f2:8e:82:55:b0:79:cf:
                    ad:3e:51:9f:10:44:0b:b6:7a:15:94:0f:31:4c:ce:
                    60:8e:9b:c5:43:95:9c:4b:8a:d5:a2:a9:cf:4d:80:
                    52:09:ad:10:d7:92:b0:0a:bf:f0:dd:0c:4c:29:d4:
                    83:cb:df:2c:47:7e:c0:97:7e:36:c7:1e:7d:41:5d:
                    3b:7d:2c:10:3d:b2:49:22:dd:f7:18:7d:88:f0:c4:
                    d9:ad:4b:cb:6f:21:62:27:43:fe:cb:01:11:05:64:
                    6a:0a:ef:79:99:ed:bb:30:3b:b9:d3:6f:63:f0:ad:
                    1c:9f:e5:7e:57:e1:32:d0:1d:67:d1:53:e2:19:0d:
                    cf:53:2a:40:97:65:87:fb:96:c1:c7:94:91:fe:5f:
                    35:d4:5c:01:9f:cd:e8:5f:18:d3:40:3f:30:52:13:
                    02:86:eb:4f:bf:ac:d9:73:25:2e:5f:2f:d8:37:7a:
                    d3:aa:66:48:e1:d0:8a:1d:78:dc:8f:c8:cc:bf:12:
                    f6:11:a1:80:bf:83:eb:a6:3f:be:a1:a8:d5:ac:c0:
                    76:7a:9d:8c:79:bf:50:82:0b:6e:66:2a:ad:61:14:
                    7d:5e:3f:b1:75:ae:78:90:26:83:a3:cc:29:43:d3:
                    f4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:CF:F0:9A:21:A0:F7:F1:D2:56:CB:05:E3:40:A0:C0:35:6C:3A:C9
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/gc_wmiGg9_HSVssF40CgwDVsOsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2d:98:82:4d:0a:85:61:d6:12:c6:be:99:96:08:b6:17:77:67:
         3d:21:e6:7c:c7:ca:78:17:eb:8e:1d:67:df:45:71:58:e6:23:
         02:a6:82:d9:12:1c:c3:87:6c:e5:24:fe:4d:9b:8f:39:54:8c:
         52:9d:4e:f0:e5:6a:91:75:47:df:5f:45:d6:ab:63:d2:fe:a3:
         20:02:cb:f0:e0:25:49:7a:86:ca:e8:f0:80:3d:8d:f3:7a:9b:
         aa:c2:c3:7e:bd:4d:02:73:0a:9f:6b:c3:b9:e8:f3:e9:91:11:
         d0:3e:e3:36:bd:69:9d:98:3a:f2:20:ee:c3:74:9f:e8:80:4b:
         d1:7a:0d:72:b3:34:0f:de:75:31:a9:1f:a9:a9:50:08:3d:5e:
         90:fc:49:38:8a:fc:ae:8d:9b:2c:7e:3c:8f:b0:50:56:2e:49:
         2f:1d:3d:7d:d5:2d:43:ca:32:3c:bf:bb:c2:55:8d:bd:18:63:
         12:1f:d5:bd:78:9a:1c:1a:b4:21:0e:2e:ea:07:43:d0:33:77:
         37:76:72:56:62:d5:0b:22:01:29:82:d1:7d:ea:bb:6f:e6:4b:
         8a:e7:6a:f5:8b:9c:44:20:7a:25:c1:90:92:a3:b7:12:2f:b9:
         9f:e2:e7:29:62:55:53:f4:2d:f9:2b:f0:b6:66:c9:90:71:1e:
         02:08:8e:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlSPV/XyOkrWJcPx0d46labMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTE2MTExNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWNmZjA5YTIxYTBmN2YxZDI1NmNiMDVlMzQwYTBjMDM1NmMzYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oLUOhzj17s9TrcxMBrDgPrgirRX
9/KOglWwec+tPlGfEEQLtnoVlA8xTM5gjpvFQ5WcS4rVoqnPTYBSCa0Q15KwCr/w
3QxMKdSDy98sR37Al342xx59QV07fSwQPbJJIt33GH2I8MTZrUvLbyFiJ0P+ywER
BWRqCu95me27MDu5029j8K0cn+V+V+Ey0B1n0VPiGQ3PUypAl2WH+5bBx5SR/l81
1FwBn83oXxjTQD8wUhMChutPv6zZcyUuXy/YN3rTqmZI4dCKHXjcj8jMvxL2EaGA
v4Prpj++oajVrMB2ep2Meb9QggtuZiqtYRR9Xj+xda54kCaDo8wpQ9P0qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHP8JohoPfx0lbLBeNAoMA1bDrJMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZ2Nfd21pR2c5X0hTVnNzRjQwQ2d3RFZzT3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl/HwMA0G
CSqGSIb3DQEBCwUAA4IBAQAtmIJNCoVh1hLGvpmWCLYXd2c9IeZ8x8p4F+uOHWff
RXFY5iMCpoLZEhzDh2zlJP5Nm485VIxSnU7w5WqRdUffX0XWq2PS/qMgAsvw4CVJ
eobK6PCAPY3zepuqwsN+vU0Ccwqfa8O56PPpkRHQPuM2vWmdmDryIO7DdJ/ogEvR
eg1yszQP3nUxqR+pqVAIPV6Q/Ek4ivyujZssfjyPsFBWLkkvHT191S1DyjI8v7vC
VY29GGMSH9W9eJocGrQhDi7qB0PQM3c3dnJWYtULIgEpgtF96rtv5kuK52r1i5xE
IHolwZCSo7cSL7mf4ucpYlVT9C35K/C2ZsmQcR4CCI4E
-----END CERTIFICATE-----